external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

/usr/bin/iiab-remoteit tries license key first; claim code if nec

Browse source
This commit is contained in:
root 2022-04-07 23:44:00 -04:00
parent 9181a4e04d
commit 1df563d2a9
3 changed files with 112 additions and 55 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
roles/remoteit/README.md
View file

@ -8,25 +8,30 @@ For other approaches, please see http://FAQ.IIAB.IO -> "How can I remotely manag
## Getting Started
### Create a remote.it account + install its desktop application
### Create a remote.it account + consider its desktop application
1. Browse to [https://remote.it](https://remote.it) (Web Portal) and sign up for an account.
2. Download and install the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional.
2. Consider downloading and installing the remote.it [desktop application](https://remote.it/download/) (e.g. for Windows, macOS or Linux) on your own laptop/computer. Their https://remote.it Web Portal and [mobile apps](https://docs.remote.it/introduction/get-started/readme#installation-packages) are also sometimes sufficient, but less functional.
COMPARISON: "The Desktop and [CLI](https://docs.remote.it/software/cli) can [each] support both peer to peer connections and proxy connections [whereas] the Web Portal and API can only support proxy connections" according to https://docs.remote.it/software/device-package/usage
<!-- ### Install remote.it onto an IIAB + register it + authorize services/ports -->
### OPTION #1: Generate a remote.it claim code for your IIAB + register it + authorize services/ports
<!-- ### OPTION #1: Run `sudo iiab-remoteit` to enable remote.it -->
Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) It means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.
Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_state.yml` (this is the default!) This means that the remote.it [Device Package](https://docs.remote.it/software/device-package) is installed on your IIAB, most important. It also means the _strictly optional_ `/usr/bin/remoteit` [command-line interface (CLI)](https://docs.remote.it/software/cli) is installed, offering [a few more features](https://support.remote.it/hc/en-us/articles/4412786750861-Install-the-remoteit-agent-on-your-device) than the Device Package.
1. Run `sudo iiab-remoteit` to enable remote.it on your IIAB.
Hit `[Enter]` (repeatedly if necessary, to accept all defaults) if you want to quickly generate a new claim code for your IIAB.
Hit `[Enter]` <!-- (repeatedly if necessary, to accept all defaults) --> if this is a fresh install, to quickly generate a claim code for your IIAB.
(The claim code is put in `/etc/remoteit/config.json` and must be used [within 24 hours](https://docs.remote.it/device-package/installation#2.-update-your-package-manager-and-install).)
NOTE: If a remote.it license key is found in `/etc/iiab/local_vars.yml` or `/etc/remoteit/registration`, that will be tried first (prior to generating a claim code).
*If the license key works, you will not get a claim code, as the IIAB device auto-registers to your remote.it account (skip to Step 3. below).*
<!--
1. Connect your IIAB device to the Internet.
@ -103,14 +108,16 @@ Prerequisite: Find any IIAB with `remoteit_installed: True` in `/etc/iiab/iiab_s
4. If your IIAB software is already installed, make sure your IIAB is online.
Now register your IIAB to your remote.it account (while enabling remote.it on your IIAB device) by running:
Now register the IIAB device to your remote.it account, by running `sudo iiab-remoteit` (this also enables remote.it on your IIAB).
Or, if you prefer the legacy approach, run:
```
cd /opt/iiab/iiab
sudo ./runrole remoteit
```
If you also want to reinstall the (latest) remote.it Device Package on your IIAB, you can instead run:
The legacy approach can also reinstall the (latest) remote.it Device Package on your IIAB, if you instead run:
```
cd /opt/iiab/iiab

5
roles/remoteit/tasks/enable-or-disable.yml
View file

@ -3,7 +3,7 @@
template:
src: registration.j2
dest: /etc/remoteit/registration
when: remoteit_enabled and remoteit_license_key is defined
when: remoteit_license_key is defined
- name: Redact OPTIONAL remoteit_license_key from /etc/iiab/local_vars.yml, if remoteit_enabled and remoteit_license_key is defined
# shell: sed -i '/^remoteit_license_key:/d' {{ iiab_local_vars_file }}
@ -11,7 +11,8 @@
path: "{{ iiab_local_vars_file }}"
regexp: '^remoteit_license_key:.*'
state: absent
when: remoteit_enabled and remoteit_license_key is defined
when: remoteit_license_key is defined
# 2022-04-07 FYI: connectd (below) never deletes /etc/remoteit/registration

143
roles/remoteit/templates/iiab-remoteit
View file

@ -1,79 +1,112 @@
#!/bin/bash -e
# Run 'sudo iiab-remoteit' to enable remote.it AND get a new claim code. Also
# lets you download + install the latest Device Package to IIAB. GENERAL TIPS:
# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?"
# 'remoteit' Device Package AND /usr/bin/remoteit CLI already installed by:
# https://github.com/iiab/iiab/blob/master/roles/remoteit/tasks/install.yml
# 2022-04-03: SEE ALSO roles/remoteit/templates/iiab-remote.old
# http://FAQ.IIAB.IO -> "How can I remotely manage my Internet-in-a-Box?"
echo -e "\nhttps://remote.it can help you remotely manage this IIAB.\n"
iiab_var_value() {
v1=$(grep "^$1:\s" /opt/iiab/iiab/vars/default_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
v2=$(grep "^$1:\s" /etc/iiab/local_vars.yml | tail -1 | sed "s/^$1:\s\+//; s/#.*//; s/\s*$//; s/^\(['\"]\)\(.*\)\1$/\2/")
[[ $v2 != "" ]] && echo $v2 || echo $v1 # [ "$v2" ] ALSO WORKS
}
echo -e "Let's generate a claim code and enable it. Documentation:\n"
echo -e "\nLet's enable https://remote.it to help you remotely manage this IIAB:\n"
echo -e "https://github.com/iiab/iiab/blob/master/roles/remoteit/README.md\n"
if [ -f /etc/remoteit/config.json ]; then
echo -en "\e[1mTo proceed we will delete /etc/remoteit/config.json, Ok? [Y/n]\e[0m "
read ans < /dev/tty # Strips outer whitespace, whether we like it or not!
echo
[[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1
# If someone manually deleted the dir, that blocks generation of claim code,
# and also license key extraction from /etc/iiab/local_vars.yml just below.
[ ! -d /etc/remoteit ] &&
mkdir /etc/remoteit
KEY1=$(iiab_var_value remoteit_license_key)
if [[ $KEY1 != "" ]]; then
if [ -s /etc/remoteit/registration ]; then # Non-zero size
KEY2=$(cat /etc/remoteit/registration)
if [[ $KEY1 != $KEY2 ]]; then
mv /etc/remoteit/registration /etc/remoteit/registration.$(date +%F_%T_%Z)
echo -e "Old /etc/remoteit/registration moved aside.\n"
fi
fi
echo $KEY1 > /etc/remoteit/registration
echo -e "Copied {{ remoteit_license_key }} to /etc/remoteit/registration"
sed -i '/^remoteit_license_key:/d' /etc/iiab/local_vars.yml
echo -e "Removed remoteit_license_key from /etc/iiab/local_vars.yml\n"
fi
# Explanation below, on lines 65-72
if [ -f /etc/remoteit/registration ]; then
echo -en "\e[1mTo proceed we will delete /etc/remoteit/registration, Ok? [Y/n]\e[0m "
read ans < /dev/tty # Strips outer whitespace, whether we like it or not!
echo
[[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1
# /etc/remoteit/registration consequences summarized on lines 78-83
if [ -s /etc/remoteit/registration ]; then # Non-zero size
cp -p /etc/remoteit/registration /tmp/etc.remoteit.registration
echo -e "License key $(cat /etc/remoteit/registration) will be attempted."
echo -e "It's backed up from /etc/remoteit/registration to /tmp, in case of purge.\n"
elif [ -f /etc/remoteit/registration ]; then # Zero size, e.g. due to touch
rm /etc/remoteit/registration
echo -e "Empty /etc/remoteit/registration deleted, so claim code can be generated.\n"
fi
echo -e "\nThis IIAB must be online to begin!\n"
echo -en "\e[1mOptionally download + install latest remote.it Device Package? [y/N]\e[0m "
echo -en "\e[1mOptionally purge + install latest remote.it Device Package? [y/N]\e[0m "
read ans < /dev/tty # Strips outer whitespace, whether we like it or not!
echo
if [[ $ans = "y" ]] || [[ $ans = "Y" ]]; then
# 2022-04-02: Full Path Avoids problematic /usr/local/bin/apt on Linux Mint
# Full apt path avoids problematic /usr/local/bin/apt on Linux Mint
/usr/bin/apt -y purge "remoteit*" || true
# Why the brutal purge? Even 'apt -y reinstall remoteit.*.deb' is stronger
# than 'install -y' in install_agent.sh, but still sometimes insufficient!
# https://github.com/iiab/iiab/blob/master/roles/remoteit/tasks/install.yml#L18-L21
if [ -f /tmp/etc.remoteit.registration ]; then
# apt purge should rmdir /etc/remoteit but might be sloppy in future?
[ ! -d /etc/remoteit ] &&
mkdir /etc/remoteit
cp -p /tmp/etc.remoteit.registration /etc/remoteit/registration
fi
# apt install & enable "latest" remote.it Device Package for your CPU/OS
curl -L https://downloads.remote.it/remoteit/install_agent.sh | sh
else
# 2022-04-04: Stop/Delete/Bounce sequence follows official suggestion here:
# 2022-04-07: Stop/Delete/Start sequence follows official suggestions here:
# https://support.remote.it/hc/en-us/articles/360061228252-Oops-I-cloned-an-SD-card-
# https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account
#
# FYI if /etc/remoteit/config.json DOESN'T EXIST:
#
# 1) If /etc/remoteit/registration exists and is EMPTY, bouncing connectd... DOESN'T CREATE /etc/remoteit/config.json
# 2) If /etc/remoteit/registration DOESN'T EXIST, bouncing connectd... CREATES /etc/remoteit/config.json WITH a claim code + WITHOUT an SSH service.
# 3) If /etc/remoteit/registration contains an INVALID license key, bouncing connectd CREATES /etc/remoteit/config.json WITH a claim code + WITHOUT an SSH service.
# 4) If /etc/remoteit/registration contains a VALID license key, bouncing connectd... CREATES /etc/remoteit/config.json WITHOUT a claim code + WITH an SSH service.
#
# FYI if /etc/remoteit/config.json EXISTS, bouncing connectd will update
# config.json's internal "timestamp" without changing anything else,
# regardless whether /etc/remoteit/registration exists and what it contains,
# and regardless whether /etc/remoteit/config.json contains a claim code.
echo -e "In a few seconds, all 3 {connectd, schannel, remoteit@...} should be enabled!\n"
systemctl stop connectd # "Safer" (though it's generally exited already!)
systemctl stop connectd # "Safer" (though it's generally exited already!)
# If someone manually deleted the dir, this blocks generation of claim code
[ ! -d /etc/remoteit ] &&
mkdir /etc/remoteit
[ -f /etc/remoteit/config.json ] &&
#if [ ! -f /etc/remoteit/registration ] && [ -f /etc/remoteit/config.json ]; then
if [ -f /etc/remoteit/config.json ]; then
# echo -en "\n\e[1mMove /etc/remoteit/config.json, so registration can begin? [Y/n]\e[0m "
# read ans < /dev/tty # Strips outer whitespace, whether we like it or not!
# echo
# [[ $ans = "n" ]] || [[ $ans = "N" ]] && exit 1
mv /etc/remoteit/config.json /etc/remoteit/config.json.$(date +%F_%T_%Z)
[ -f /etc/remoteit/registration ] &&
mv /etc/remoteit/registration /etc/remoteit/registration.$(date +%F_%T_%Z)
#echo -e "/etc/remoteit/config.json moved aside, so claim code can be generated.\n"
#echo -e "/etc/remoteit/config.json moved aside, so device registration can begin.\n"
echo -e "/etc/remoteit/config.json moved aside, for fresh device registration.\n"
fi
# /etc/remoteit/registration is deleted above, but just FYI if it existed:
#
# 1) If /etc/remoteit/registration exists and is empty, connectd (below)
# will not create /etc/remoteit/config.json
# 2) If /etc/remoteit/registration contains an invalid license key, connectd
# (below) will create /etc/remoteit/config.json WITH a claim code.
# 3) If /etc/remoteit/registration contains a valid license key, connectd
# (below) will create /etc/remoteit/config.json WITHOUT a claim code.
systemctl start connectd # Claim Code logic + kickstarts 2 svcs below
# /usr/share/remoteit/refresh.sh does the same thing (or close) as per:
# https://docs.remote.it/oem-and-bulk-provisioning/registration-into-a-users-account
systemctl start connectd # Registration logic (use license key or
# generate claim code) then kickstart 2 "child" services below.
# FYI running /usr/share/remoteit/refresh.sh appears to do the exact same
# thing (as bouncing service connectd).
systemctl enable connectd # 2 enable lines, like enable-or-disable.yml
@ -94,11 +127,27 @@ else
echo "remoteit_enabled: True" >> /etc/iiab/local_vars.yml
fi
claim_code=$(grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev)
echo -e "\nYour new claim code is \e[44;1m${claim_code}\e[0m -- YOUR NEXT STEPS ARE...\n"
if grep -q claim /etc/remoteit/config.json; then
claim_code=$(grep claim /etc/remoteit/config.json | rev | cut -d\" -f2 | rev)
echo -e "\nYour new claim code is \e[44;1m${claim_code}\e[0m -- YOUR NEXT STEPS ARE...\n"
echo -e "\e[1m1) Install the remote.it Desktop Application on your own laptop/computer:\e[0m"
echo -e " https://remote.it/download/\n"
echo -e "\e[1m1) Log in to https://remote.it or its Desktop Application on your own PC:\e[0m"
echo -e " https://remote.it/download/\n"
echo -e "\e[1m2) Use the above 8-character claim code WITHIN 24H as shown here:\e[0m"
echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\n"
echo -e "\e[1m2) Use the above 8-character claim code WITHIN 24H as shown here:\e[0m"
echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\n"
echo -e "\e[1m3) Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device:\e[0m"
echo -e " https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device\n"
else
echo -e "\nLicense key (if valid!) hopefully worked -- YOUR NEXT STEPS ARE...\n"
echo -e "\e[1m1) Log in to https://remote.it or its Desktop Application on your own PC:\e[0m"
echo -e " https://remote.it/download/\n"
echo -e '\e[1m2) In the "Devices" section on the left, check that your IIAB is now present:\e[0m'
echo -e " https://docs.remote.it/software/device-package/installation#3.-claim-and-register-the-device\n"
echo -e "\e[1m3) Authorize services/ports (e.g. SSH, HTTP, etc) for your IIAB device:\e[0m"
echo -e " https://docs.remote.it/software/device-package/installation#4.-set-up-services-on-your-device\n"
fi